General

  • Target

    Setup.exe

  • Size

    18.2MB

  • Sample

    230929-ydydaaff48

  • MD5

    752333bc180e258f96afb991273d928f

  • SHA1

    be23f9548daff7eae99ff80128a4fb448b1b3b8b

  • SHA256

    0c0f10e45d6600cac802471617ede4b564429a14fb2a14c7b3e6ab6fea9bc9f6

  • SHA512

    a5752035979105e67e834cff0641161f62a51f92e526fe7b88fa20b51dd35c02249a9a159c1d1944d8762a34a1a371ae3035a3137d0044f8a6fa1c4d52b93888

  • SSDEEP

    393216:MVdUPTDNmk6wJ75gs97tpn4Lxq7fQAUPnefuYeV7wbyPE8hCvLSJD45:MwLDwk6wJ75VHn4LxFdPINeVQyPRCvL4

Malware Config

Extracted

Family

redline

C2

95.217.14.200:23989

Attributes

  • auth_value

    1bfac947c350008abe813772b735f0fc

Targets

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks